Mitre’s CVE program—which provides common naming and other informational resources about cybersecurity vulnerabilities—was about to be cancelled, as the US Department of Homeland Security failed to renew the contract. It was funded for eleven more months at the last minute. This is a big deal. The CVE program is one of those pieces of common … Read More “CVE Program Almost Unfunded” »
Category: national security policy
At a Congressional hearing earlier this week, Matt Blaze made the point that CALEA, the 1994 law that forces telecoms to make phone calls wiretappable, is outdated in today’s threat environment and should be rethought: In other words, while the legally-mandated CALEA capability requirements have changed little over the last three decades, the infrastructure that … Read More “Arguing Against CALEA” »
In “Secrets and Lies” (2000), I wrote: It is poor civic hygiene to install technologies that could someday facilitate a police state. It’s something a bunch of us were saying at the time, in reference to the NSA’s vast surveillance capabilities. I have been thinking of that quote a lot as I read news stories … Read More “DIRNSA Fired” »
From the Federal Register: After three rounds of evaluation and analysis, NIST selected four algorithms it will standardize as a result of the PQC Standardization Process. The public-key encapsulation mechanism selected was CRYSTALS-KYBER, along with three digital signature schemes: CRYSTALS-Dilithium, FALCON, and SPHINCS+. These algorithms are part of three NIST standards that have been finalized: … Read More “NIST Releases First Post-Quantum Encryption Algorithms” »
It’s possible to cancel other people’s voter registration: On Friday, four days after Georgia Democrats began warning that bad actors could abuse the state’s new online portal for canceling voter registrations, the Secretary of State’s Office acknowledged to ProPublica that it had identified multiple such attempts… …the portal suffered at least two security glitches that … Read More “Problems with Georgia’s Voter Registration Portal” »
ProPublica has a long investigative article on how the Cyber Safety Review Board failed to investigate the SolarWinds attack, and specifically Microsoft’s culpability, even though they were directed by President Biden to do so.
This move has been coming for a long time. The Biden administration on Thursday said it’s banning the company from selling its products to new US-based customers starting on July 20, with the company only allowed to provide software updates to existing customers through September 29. The ban—the first such action under authorities given to … Read More “The US Is Banning Kaspersky” »
The US is using a World War II law that bans aircraft photography of military installations to charge someone with doing the same thing with a drone.
Former senior White House cyber policy director A. J. Grotto talks about the economic incentives for companies to improve their security—in particular, Microsoft: Grotto told us Microsoft had to be “dragged kicking and screaming” to provide logging capabilities to the government by default, and given the fact the mega-corp banked around $20 billion in revenue … Read More “Microsoft and Security Incentives” »
There’s a rumor flying around the Internet that OpenAI is training foundation models on your Dropbox documents. Here’s CNBC. Here’s Boing Boing. Some articles are more nuanced, but there’s still a lot of confusion. It seems not to be true. Dropbox isn’t sharing all of your documents with OpenAI. But here’s the problem: we don’t … Read More “OpenAI Is Not Training on Your Dropbox Documents—Today” »